2 Denial-of-Service Attacks Justin Steele

3 Definition
“A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.” [1]
Denial-of-service attacks deal with the issue of availability.
[1] CERT Website

4 Examples
Examples include attempts to:
- "flood" a network, thereby preventing legitimate network traffic [1]
- disrupt connections between two machines, thereby preventing access to a service [1]
- prevent a particular individual from accessing a service [1]
- disrupt service to a specific system or person [1]
[1] CERT Website

5 Types of Attacks
- Physical Attack: physically destroying components.
- Configuration Attack: altering or destroying configuration files or information.
- Consumption Attack: using limited or scarce resources and thereby preventing legitimate users from using them.

6 Physical Attack
Probably considered the least interesting to most of us.
Examples:
- Taking a bat and smashing an ATM, thus denying others the ability to use the ATM.
- Snipping or cutting a fiber optic line, therefore preventing communication to a network or system.
- Intentionally turning off or disabling a cooling system, which results in a machine overheating and failing.

7 Configuration Attack
Most of us probably don’t think about this one right away.
Examples:
- Obtaining administrator rights and deleting user accounts.
- Hacking the .htaccess file on a web server and preventing anyone from viewing the site.
- Changing the default gateway that a DHCP server sends to its clients.
- Changing the settings on a machine so that it can no longer get onto the network.
- Modifying a domain name’s DNS information.

8 Consumption Attack
Perhaps the one most of us think of and probably find the most interesting.
CERT defines four subtypes:
- Network Connectivity
- Using Your Own Resources Against You
- Other Resource Consumption
- Bandwidth Consumption

9 Network Connectivity Attack
- “Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.” [1]
- “An example of this type of attack is the "SYN flood" attack” [1]
- Also known as a Protocol Attack.
- This is an example of an “asymmetric attack”:
  - “attacks can be executed with limited resources against a large, sophisticated site” [1]
  - “an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.” [1]
[1] CERT Website

10 SYN Flood Attack (Images taken from www.grc.com)

11 Using Your Own Resources Against You Attack
- An attacker uses your own resources against you in unexpected ways.
- An example is a UDP chargen/echo scenario.
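The two consumption attacks on slides 9 to 11 leave recognisable traces on the wire: a SYN flood shows up as handshakes that are never completed, and a chargen/echo loop as UDP traffic between ports 19 and 7. The following detection logic is an added example, not part of the slides or of CERT's material; the Packet records, the addresses, and the thresholds are constructed for the example.

```python
"""Added example, not part of the slides: detection logic for two of the
consumption attacks described on slides 9 to 11, run over a constructed
packet trace the way a network monitor would.

  * SYN flood (slides 9 and 10): TCP SYNs whose handshake is never completed
    by an ACK from the same source leave half-open entries in the backlog.
  * UDP chargen/echo (slide 11): datagrams between the chargen (19) and
    echo (7) ports bounce between two hosts and consume their bandwidth.

The Packet records, addresses, and thresholds are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass

CHARGEN_PORT, ECHO_PORT = 19, 7


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: str = ""     # TCP flag string: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


def pending_handshakes(packets):
    """Set of (src, sport, dst, dport) tuples that sent a SYN but never the
    final ACK: the half-open connections a server would hold in its backlog."""
    pending = set()
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            pending.add(key)
        elif p.flags == "A":
            pending.discard(key)
    return pending


def half_open_by_source(packets, max_half_open=100):
    """Sources holding more than max_half_open half-open connections."""
    counts = defaultdict(int)
    for src, _, _, _ in pending_handshakes(packets):
        counts[src] += 1
    return {src: n for src, n in counts.items() if n > max_half_open}


def total_half_open(packets):
    """Backlog-wide count. A flood with spoofed sources spreads thinly per
    source, so the total against the listen backlog size is the second check."""
    return len(pending_handshakes(packets))


def chargen_echo_pairs(packets):
    """Host pairs exchanging UDP traffic between the chargen and echo ports."""
    pairs = set()
    for p in packets:
        if p.proto == "udp" and {p.sport, p.dport} == {CHARGEN_PORT, ECHO_PORT}:
            pairs.add(tuple(sorted((p.src, p.dst))))
    return pairs


def build_sample_trace():
    """Constructed trace: one legitimate client, one flooding source, one loop."""
    trace = [
        # legitimate client completes its three-way handshake
        Packet("tcp", "10.0.0.5", "192.0.2.10", 40000, 80, "S"),
        Packet("tcp", "192.0.2.10", "10.0.0.5", 80, 40000, "SA"),
        Packet("tcp", "10.0.0.5", "192.0.2.10", 40000, 80, "A"),
    ]
    # flooding source: 150 SYNs from distinct ports, no ACK ever follows
    trace += [Packet("tcp", "203.0.113.7", "192.0.2.10", sp, 80, "S")
              for sp in range(50000, 50150)]
    # chargen/echo loop between two hosts on the same network
    trace += [
        Packet("udp", "192.0.2.20", "192.0.2.30", CHARGEN_PORT, ECHO_PORT),
        Packet("udp", "192.0.2.30", "192.0.2.20", ECHO_PORT, CHARGEN_PORT),
    ]
    return trace


if __name__ == "__main__":
    trace = build_sample_trace()
    print("half-open per source:", half_open_by_source(trace))
    print("total half-open:", total_half_open(trace))
    print("chargen/echo pairs:", chargen_echo_pairs(trace))
```

The per-source count catches a single loud source; the backlog-wide total is the check that still fires when the flood uses spoofed, ever-changing source addresses, which is the usual case for the asymmetric attack slide 9 describes.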

12 Other Resource Consumption Attack
Most of us don’t readily consider Consumption Attacks.
Examples:
- CPU time
  - Spawning a large number of processes that bog down the CPU
- Consuming “locks”
  - Intentionally incorrectly logging in a user until security features prevent any more login attempts for that user.
  - Could include using file or database locks so others can’t access them.
- Filling up disk space
  - Generating excessive email messages
  - Generating error messages that get logged
  - Placing files in anonymous FTP server space or open shares
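The lock-consumption example on slide 12 is a control turned against its owner: an account lockout that triggers on N bad passwords lets anyone who knows a username deny that user service. The throttle below is an added example, not from the slides; its policy (failures counted per account and source address, with an escalating delay that expires instead of a hard lockout) is an assumption chosen so that the attacker's source is slowed while the real user's own source is unaffected.

```python
"""Added example, not part of the slides: a login throttle designed so that
a stream of deliberately wrong passwords cannot lock the real user out.

Policy (an assumption for this example, not the slides'): failures are
counted per (account, source address); the wait before the next attempt
doubles per consecutive failure, is capped, and is forgotten after a quiet
period. No state is ever attached to the account alone, so a remote source
cannot lock the account for everyone.
"""


class LoginThrottle:
    def __init__(self, base_delay=1.0, max_delay=300.0, forget_after=900.0):
        self.base_delay = base_delay        # seconds after the first failure
        self.max_delay = max_delay          # cap on the escalating delay
        self.forget_after = forget_after    # quiet period that clears the count
        # (account, source) -> (consecutive_failures, time_of_last_failure)
        self._failures = {}

    def retry_after(self, account, source, now):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        entry = self._failures.get((account, source))
        if entry is None:
            return 0.0
        failures, last = entry
        if now - last > self.forget_after:
            del self._failures[(account, source)]
            return 0.0
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        return max(0.0, delay - (now - last))

    def record_failure(self, account, source, now):
        failures, _ = self._failures.get((account, source), (0, now))
        self._failures[(account, source)] = (failures + 1, now)

    def record_success(self, account, source):
        self._failures.pop((account, source), None)


def simulate():
    """Constructed scenario: one source submits wrong passwords for 'alice'
    once per second for 10 seconds; the real user then logs in from elsewhere."""
    throttle = LoginThrottle()
    attacker, user = "203.0.113.7", "10.0.0.5"
    accepted = 0
    for t in range(10):
        now = float(t)
        # attempts arriving inside the wait window are rejected without
        # being counted, so they neither reset nor extend the delay
        if throttle.retry_after("alice", attacker, now) == 0.0:
            throttle.record_failure("alice", attacker, now)
            accepted += 1
    return {
        "attacker_attempts_accepted": accepted,   # 4 of the 10 submitted
        "attacker_wait_at_10s": throttle.retry_after("alice", attacker, 10.0),
        "user_wait_at_10s": throttle.retry_after("alice", user, 10.0),
    }


if __name__ == "__main__":
    print(simulate())
```

A hard per-account lockout would have blocked alice for everyone after the first few failures; here the attacker's source is down to one accepted attempt every eight seconds and climbing, while alice's own source sees no delay at all. An attacker with many sources can still spread attempts across them, so a per-account ceiling with a step-up challenge rather than a lockout is the usual companion control.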

13 Bandwidth Consumption Attack
- The attacker consumes all available bandwidth on a network.
- Most often done with ICMP ECHO (Ping) packets, but doesn’t have to be.
- The attacker may be using multiple machines to coordinate the attack.
  - DDoS – Distributed Denial-of-Service
  - DRDoS – Distributed Reflection Denial-of-Service
  - DoS – Any type of Denial-of-Service
- DDoS & DRDoS are Brute Force Attacks.
- Filterable vs. Non-filterable Attacks
  - Filterable Attacks consist of bogus packets or non-critical services which can be blocked by a firewall without affecting the rest of the machine or network.
  - Non-filterable Attacks consist of packets requesting legitimate services and resources, thus a firewall will not help stop the attack.

14 Bandwidth Consumption Attack (Images taken from www.grc.com)

15 DoS versus DDoS (Images taken from www.grc.com)

16 DDoS Attack (Images taken from www.grc.com)

17 DRDoS Attack (Images taken from www.grc.com)

18 DDoS versus DRDoS (Images taken from www.grc.com)

19 What can we do?
- ISPs
  - Implement hardware/software settings and filters on routers and machines that limit and bound packets.
  - Prevent users from spoofing packets (Firewall).
- Administrators
  - Install and use a firewall.
  - Close all unnecessary ports and turn off all unused services.
  - Use quotas.
  - Maintain backups of configuration files.
  - Install intrusion detection software.
  - Monitor network traffic.
  - Evaluate physical security on a routine basis.
- Average Jane and John Doe
  - Don’t download/install software from unknown/unreliable sources.
  - Install personal firewall/port protection software.
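The two ISP-side controls on slide 19 (bound packets, and stop customers from spoofing) are what keeps the DDoS and DRDoS traffic of slides 13 to 18 from being injected with forged sources in the first place. The policy below is an added example, not from the slides or any vendor: it models a customer-facing router port that forwards a packet only if its source address belongs to that customer's assigned prefixes, and then applies a per-source token bucket. Interface names, prefixes, rates and the sample packets are constructed.

```python
"""Added example, not part of the slides: two ISP-side controls from the
"What can we do?" slide, applied per packet at a customer-facing interface.

  * Prevent users from spoofing packets: forward a packet only if its source
    address lies in a prefix assigned to the customer on that interface.
    Spoofed sources (the fuel of DDoS/DRDoS) are dropped at the edge.
  * Limit and bound packets: a token bucket per source caps the packet rate
    any single source may inject, with a bounded burst.

Interface names, prefixes, rates and sample packets are constructed.
"""
import ipaddress


class IngressPolicy:
    def __init__(self, customer_prefixes, rate_pps, burst):
        # interface -> networks the customer on it may legitimately source
        self.prefixes = {
            iface: [ipaddress.ip_network(p) for p in nets]
            for iface, nets in customer_prefixes.items()
        }
        self.rate = float(rate_pps)     # tokens (packets) refilled per second
        self.burst = float(burst)       # bucket capacity
        self._buckets = {}              # src -> (tokens, last_refill_time)

    def source_is_valid(self, iface, src):
        nets = self.prefixes.get(iface)
        if nets is None:
            return False                # unknown interface: default deny
        addr = ipaddress.ip_address(src)
        return any(addr in n for n in nets)

    def _take_token(self, src, now):
        tokens, last = self._buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[src] = (tokens - 1.0, now)
            return True
        self._buckets[src] = (tokens, now)
        return False

    def decide(self, iface, src, now):
        """Verdict for one packet: 'forward', 'drop:spoofed' or 'drop:rate'."""
        if not self.source_is_valid(iface, src):
            return "drop:spoofed"
        if not self._take_token(src, now):
            return "drop:rate"
        return "forward"


def run_sample():
    """Constructed packets through a policy of 10 pps with a burst of 5."""
    policy = IngressPolicy({"cust-a": ["198.51.100.0/24"]}, rate_pps=10, burst=5)
    results = {}
    # a packet claiming a source outside the customer's prefix
    results["spoofed"] = policy.decide("cust-a", "192.0.2.1", now=0.0)
    # eight packets from a valid source in the same instant: 5 pass, 3 dropped
    verdicts = [policy.decide("cust-a", "198.51.100.9", now=0.0) for _ in range(8)]
    results["burst_forwarded"] = verdicts.count("forward")
    results["burst_rate_dropped"] = verdicts.count("drop:rate")
    # one second later the bucket has refilled (capped at the burst size)
    results["after_refill"] = policy.decide("cust-a", "198.51.100.9", now=1.0)
    return results


if __name__ == "__main__":
    print(run_sample())
```

Source validation only works where the legitimate prefix set is known, which is the customer edge; a backbone link sees traffic from everywhere and cannot make this decision. That is why the slide assigns the anti-spoofing control to ISPs rather than to administrators or end users.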

20 Sources
http://www.cert.org/tech_tips/denial_of_service.html
http://grc.com/dos/drdos.htm
http://grc.com/dos/grcdos.htm
http://www.rbs2.com/ccrime.htm#anchor111666
http://www.netcraft.com/presentations/interop/dos.html
http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf
http://www.cnn.com/2002/TECH/internet/10/23/net.attack/
http://www.infoworld.com/article/03/01/25/030125hnsqlnet_1.html?s=IDGNS
